PCI DSS compliance

10.2.4 Invalid logical access attempts

Brute-force and logon attempts might be a first indication of a possible break-in. This is why such attempts should be properly logged and reviewed on a regular basis. On Linux, this PCI DSS control can be configured by using the Linux audit system.

Linux systems have a great deal of auditing events available through the Linux audit framework. The kernel has a built-in auditing mechanism, which allows system calls and file access to be monitored. Besides the access request to a resource itself, the success or failure is logged as well. Failed requests are especially interesting, as they might indicate a brute-force attempt.
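As an added example (not part of the original page), the following sketch reviews audit records for failed requests: it groups failed PAM authentications by source address and counts denied system calls. The sample records are constructed, and the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in audit.log format (illustrative, not real data).
_PAM = ("type=USER_AUTH msg=audit({ts}): pid=2211 uid=0 auid=4294967295 "
        "ses=4294967295 msg='op=PAM:authentication grantors=? acct={acct} "
        "exe=\"/usr/sbin/sshd\" hostname={addr} addr={addr} terminal=ssh res={res}'")
SAMPLE_LOG = "\n".join([
    _PAM.format(ts="1700000000.101:501", acct='"root"', addr="203.0.113.7", res="failed"),
    _PAM.format(ts="1700000002.230:502", acct='"admin"', addr="203.0.113.7", res="failed"),
    _PAM.format(ts="1700000004.377:503", acct="28756E6B6E6F776E207573657229",
                addr="203.0.113.7", res="failed"),
    _PAM.format(ts="1700000010.004:504", acct='"alice"', addr="198.51.100.20", res="failed"),
    _PAM.format(ts="1700000015.912:505", acct='"alice"', addr="198.51.100.20", res="success"),
    'type=SYSCALL msg=audit(1700000020.006:506): arch=c000003e syscall=257 success=no '
    'exit=-13 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="access"',
])

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Return the key=value fields of one audit record as a dict."""
    rec = {}
    # PAM details are nested in msg='...'; dropping the quotes exposes them.
    for key, val in FIELD.findall(line.replace("'", " ")):
        if val.startswith('"'):
            val = val[1:-1]
        elif key == "acct" and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", val):
            # audit hex-encodes untrusted strings containing unsafe characters
            val = bytes.fromhex(val).decode("utf-8", "replace")
        rec[key] = val
    return rec

def failed_access(log, threshold=3):
    """Return (addresses with >= threshold failed logins, denied syscall counts)."""
    counts, accounts, denied = Counter(), defaultdict(set), Counter()
    for line in log.splitlines():
        rec = parse(line)
        if rec.get("type") in ("USER_AUTH", "USER_LOGIN") and rec.get("res") == "failed":
            addr = rec.get("addr", "?")
            counts[addr] += 1
            accounts[addr].add(rec.get("acct", "?"))
        elif rec.get("type") == "SYSCALL" and rec.get("success") == "no":
            denied[(rec.get("auid"), rec.get("exe"))] += 1
    flagged = {a: sorted(accounts[a]) for a, n in counts.items() if n >= threshold}
    return flagged, denied

if __name__ == "__main__":
    print(failed_access(SAMPLE_LOG))
```

Several different account names tried from one address, as in the first three sample records, is the pattern worth escalating during log review.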